Apple Fixes Threat from Fake iPhone Chargers in iOS 7 [Update]

By Bryan Chaffin

Aug 1st, 2013 1:07 PM EDT

Apple is addressing the threat from maliciously crafted, fake USB-based iPhone chargers in iOS 7. Security researchers announced in June that they had discovered how to hack an iPhone using a Linux computer disguised as a charger. The team demonstrated that technique at this week's Black Hat conference in Las Vegas, and Apple has said it will address the issue in iOS 7.

"Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," the researchers wrote on their Black Hat presentation description in June. "All users are affected, as our approach requires neither a jailbroken device nor user interaction."

Reuters covered the news from Las Vegas, where the team successfully demonstrated their attack using a device that cost $40 to make and took a week to design. They used it to automatically infect an iPhone with software that then successfully called another phone without user interaction.

A real attacker could use all manner of software that would completely take over your iPhone, give the attacker remote control over it, access emails, contact info, or text messages, log your passwords, or, scariest of all, track your location.

Apple said that the problem will be eliminated in iOS 7 by alerting the user that they are connecting their iOS device to a computer, whether or not it looks like a computer. Android does this in current versions of the mobile operating system.

iOS 7 beta 4 users are asked if they want to "Trust the currently connected computer?", a prompt requiring user action. If your iPhone is locked, that user interaction won't be possible until it is unlocked. Ars Technica posted a screenshot of the warning.

Apple made the rare move of acknowledging the security researchers in a statement given to Reuters, which said, "We would like to thank the researchers for their valuable input."